Splunk

Splunk Cloud Platform

85 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 38.44%
  • Published 04.11.2022 23:15:10
  • Last modified 21.11.2024 07:26:48

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.

Exploit
  • EPSS 0.81%
  • Published 04.11.2022 23:15:10
  • Last modified 21.11.2024 07:26:48

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.

  • EPSS 0.31%
  • Published 04.11.2022 23:15:10
  • Last modified 21.11.2024 07:26:48

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents in...

  • EPSS 0.85%
  • Published 04.11.2022 23:15:10
  • Last modified 21.11.2024 07:26:48

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.

  • EPSS 0.41%
  • Published 04.11.2022 23:15:09
  • Last modified 21.11.2024 07:26:47

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.

  • EPSS 0.14%
  • Published 04.11.2022 23:15:09
  • Last modified 21.11.2024 07:26:47

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards ....

  • EPSS 0.31%
  • Published 04.11.2022 23:15:09
  • Last modified 21.11.2024 07:26:47

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site script...

Exploit
  • EPSS 27.57%
  • Published 03.11.2022 23:15:21
  • Last modified 21.11.2024 07:26:48

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.

Exploit
  • EPSS 0.2%
  • Published 03.11.2022 23:15:15
  • Last modified 21.11.2024 07:26:47

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web ena...

  • EPSS 0.35%
  • Published 16.08.2022 21:15:13
  • Last modified 21.11.2024 07:14:59

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drill...